Thank you, Peter! I agree that it would be good to lint for these, and hope to see that capability integrated into pre-issuance validation by all CAs.
Mike

On Sat, Oct 19, 2024 at 6:15 AM Peter Gutmann <[email protected]> wrote:

> The publication of RFC 9500 passed without too much notice so I thought I'd
> mention it here for both CAs and crypto library developers, the description
> is:
>
>   The widespread use of public key cryptosystems on the Internet has led to a
>   proliferation of publicly known but not necessarily acknowledged keys that
>   are used for testing purposes or that ship preconfigured in applications.
>   These keys provide no security, but since there's no record of them,
>   relying parties are often unaware that they provide no security. In order
>   to address this issue, this document provides a set of standard public test
>   keys that may be used wherever a preconfigured or sample key is required
>   and, by extension, also in situations where such keys may be used, such as
>   when testing digitally signed data. Their purpose corresponds roughly to
>   that of the EICAR test file, a non-virus used as a test file for antivirus
>   products, and the GTUBE file, a similar file used with spam-detection
>   products.
>
> Crypto library developers may want to use these keys as their standard test
> keys, and CAs should check for them when issuing certificates to make sure
> that they're not certifying test keys for production use.
>
> Peter.

--
You received this message because you are subscribed to the Google Groups "[email protected]" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CADQzZqvWxnBeq%3DUZHU7wKBmZRTTRAmzr5_tZo_EQ5HT-GO0EAA%40mail.gmail.com.
